resolv.conf does not match netplan configuration

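I am setting up an Ubuntu Server 20.04 system as a gateway between a LAN and a WAN. I cannot get DNS configured correctly.

I have 2 netplan configuration files for my 2 interfaces.

Internal Ethernet interface (LAN)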

root@gate:~# cat /etc/netplan/01-eth_int.yaml
# This is the network config written by 'subiquity'
network:
  ethernets:
        enp4s0:
            addresses: ['10.0.10.1/24']
            match:
                macaddress: 00:60:e0:76:9e:e7
            set-name: eth_int
  version: 2

External Ethernet interface (WAN)

root@gate:~# cat /etc/netplan/02-eth_ext.yaml
# This is the network config written by 'subiquity'
network:
  ethernets:
        enp5s0:
            addresses: ['10.200.56.254/24']
            gateway4: 10.200.56.1
            nameservers:
                addresses: [195.78.215.228, 195.78.223.228]
                addresses: [8.8.8.8, 8.8.4.4]
            match:
                macaddress: 00:60:e0:76:9e:e8
            set-name: eth_ext
  version: 2

After a reboot, the interfaces are configured according to the netplan configuration files, but /etc/resolv.conf is configured incorrectly.

root@gate:~# cat /etc/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0

Tests/checks performed:

  • /etc/resolv.conf is a symlink to ../run/systemd/resolve/stub-resolv.conf
  • systemd-resolve --status returns the correct DNS for the eth_ext interface, but no global DNS (possibly a problem?)
    root@gate:~# systemd-resolve --status
    Global
           LLMNR setting: no
    MulticastDNS setting: no
      DNSOverTLS setting: no
          DNSSEC setting: no
        DNSSEC supported: no
              DNSSEC NTA: 10.in-addr.arpa
                          16.172.in-addr.arpa
                          168.192.in-addr.arpa
                          17.172.in-addr.arpa
                          18.172.in-addr.arpa
                          19.172.in-addr.arpa
                          20.172.in-addr.arpa
                          21.172.in-addr.arpa
                          22.172.in-addr.arpa
                          23.172.in-addr.arpa
                          24.172.in-addr.arpa
                          25.172.in-addr.arpa
                          26.172.in-addr.arpa
                          27.172.in-addr.arpa
                          28.172.in-addr.arpa
                          29.172.in-addr.arpa
                          30.172.in-addr.arpa
                          31.172.in-addr.arpa
                          corp
                          d.f.ip6.arpa
                          home
                          internal
                          intranet
                          lan
                          local
                          private
                          test

    Link 5 (eth_ext)
          Current Scopes: DNS
    DefaultRoute setting: yes
           LLMNR setting: yes
    MulticastDNS setting: no
      DNSOverTLS setting: no
          DNSSEC setting: no
        DNSSEC supported: no
             DNS Servers: 195.78.215.228
                          195.78.223.228
                          8.8.8.8
                          8.8.4.4

    Link 4 (enp0s31f6)
          Current Scopes: none
    DefaultRoute setting: no
           LLMNR setting: yes
    MulticastDNS setting: no
      DNSOverTLS setting: no
          DNSSEC setting: no
        DNSSEC supported: no

    Link 3 (eth_int)
          Current Scopes: none
    DefaultRoute setting: no
           LLMNR setting: yes
    MulticastDNS setting: no
      DNSOverTLS setting: no
          DNSSEC setting: no
        DNSSEC supported: no

    Link 2 (enp3s0)
          Current Scopes: none
    DefaultRoute setting: no
           LLMNR setting: yes
    MulticastDNS setting: no
      DNSOverTLS setting: no
          DNSSEC setting: no
        DNSSEC supported: no
  • Edited /etc/systemd/resolved.conf, setting and uncommenting the DNS entry. A global DNS entry then appears when running systemd-resolve --status, but /etc/resolv.conf does not change

Obviously, this mismatch results in DNS not working

root@gate:~# ping google.com
ping: google.com: Temporary failure in name resolution

root@gate:~#  nslookup heise.de 127.0.0.53
;; connection timed out; no servers could be reached

How can I fix this?

Answer 1

You mentioned that your /etc/resolv.conf is a symlink to /run/systemd/resolve/stub-resolv.conf

To fix this, do the following:

  1. Unlink: $ sudo unlink /etc/resolv.conf
  2. $ sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf
  3. $ sudo systemctl restart systemd-resolved.service

The following information is from man systemd-resolved

/ETC/RESOLV.CONF
       Four modes of handling /etc/resolv.conf (see resolv.conf(5)) are supported:

       •   systemd-resolved maintains the /run/systemd/resolve/stub-resolv.conf file for compatibility with
           traditional Linux programs. This file may be symlinked from /etc/resolv.conf. This file lists the
           127.0.0.53 DNS stub (see above) as the only DNS server. It also contains a list of search domains that are
           in use by systemd-resolved. The list of search domains is always kept up-to-date. Note that
           /run/systemd/resolve/stub-resolv.conf should not be used directly by applications, but only through a
           symlink from /etc/resolv.conf. This file may be symlinked from /etc/resolv.conf in order to connect all
           local clients that bypass local DNS APIs to systemd-resolved with correct search domains settings. This
           mode of operation is recommended.

       •   A static file /usr/lib/systemd/resolv.conf is provided that lists the 127.0.0.53 DNS stub (see above) as
           only DNS server. This file may be symlinked from /etc/resolv.conf in order to connect all local clients
           that bypass local DNS APIs to systemd-resolved. This file does not contain any search domains.

       •   systemd-resolved maintains the /run/systemd/resolve/resolv.conf file for compatibility with traditional
           Linux programs. This file may be symlinked from /etc/resolv.conf and is always kept up-to-date, containing
           information about all known DNS servers. Note the file format's limitations: it does not know a concept of
           per-interface DNS servers and hence only contains system-wide DNS server definitions. Note that
           /run/systemd/resolve/resolv.conf should not be used directly by applications, but only through a symlink
           from /etc/resolv.conf. If this mode of operation is used local clients that bypass any local DNS API will
           also bypass systemd-resolved and will talk directly to the known DNS servers.

       •   Alternatively, /etc/resolv.conf may be managed by other packages, in which case systemd-resolved will read
           it for DNS configuration data. In this mode of operation systemd-resolved is consumer rather than provider
           of this configuration file.

       Note that the selected mode of operation for this file is detected fully automatically, depending on whether
       /etc/resolv.conf is a symlink to /run/systemd/resolve/resolv.conf or lists 127.0.0.53 as DNS server.
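
The four modes in the man page excerpt above can be told apart from the symlink target and the file contents. The script below is an added example, not part of the answer or of systemd; the function names resolv_mode and bypasses_stub and the mode labels it prints are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the answer): classify how a resolv.conf path is
# handled, per the four modes in the quoted systemd-resolved man page.

# Prints one of: stub | static-stub | uplink | lists-stub | foreign
resolv_mode() {
    f=${1:-/etc/resolv.conf}
    if [ -L "$f" ]; then
        # readlink without -f: compare the link text itself, so relative
        # targets such as ../run/systemd/resolve/stub-resolv.conf also match.
        target=$(readlink "$f")
        case $target in
            *run/systemd/resolve/stub-resolv.conf) echo stub; return 0 ;;
            *usr/lib/systemd/resolv.conf)          echo static-stub; return 0 ;;
            *run/systemd/resolve/resolv.conf)      echo uplink; return 0 ;;
        esac
    fi
    # Not one of the three systemd-resolved files: the man page says the mode
    # then depends on whether the file lists 127.0.0.53 as DNS server.
    if grep -Eq '^[[:space:]]*nameserver[[:space:]]+127\.0\.0\.53([[:space:]]|$)' "$f" 2>/dev/null; then
        echo lists-stub
    else
        echo foreign
    fi
}

# Succeeds when programs that read resolv.conf send queries straight to the
# listed servers instead of through the 127.0.0.53 stub.
bypasses_stub() {
    case $(resolv_mode "$1") in
        uplink|foreign) return 0 ;;
        *)              return 1 ;;
    esac
}

path=/etc/resolv.conf
if bypasses_stub "$path"; then
    echo "$path: $(resolv_mode "$path") - resolv.conf readers query the listed servers directly"
else
    echo "$path: $(resolv_mode "$path") - resolv.conf readers query the 127.0.0.53 stub"
fi
```

After the relink in the answer this reports uplink, which means the DNSSEC and DNSOverTLS settings shown by systemd-resolve --status no longer apply to programs that read /etc/resolv.conf directly.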

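Answer 2

I noticed that you did not specify dhcp4: false on your LAN and did not assign nameservers - could that be your problem?

I recently set up my Ubuntu machine as a router, and after some struggle I gave up on naming the interfaces and instead left them as eno1 / enp1s0 in the yaml file (by the way, I merged their descriptions into a single file that I named 01-router-all.yaml so that I only have to edit one file when making changes). I think I was hitting a race condition, because the DHCP server service was starting before the network service had named the interfaces according to my .yaml.

In case it helps, here is my working /etc/netplan/01-router-all.yaml (I cheated a bit and assigned public DNS, because I still need to set up a DNS server on my machine):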

network:
  version: 2
  renderer: networkd

  ethernets:
    # eno1 = wan1
    eno1:
      dhcp4: false
      addresses: [192.168.1.8/24]
      nameservers:
        addresses: [9.9.9.9, 1.1.1.1]
        search: []

    # enp1s0 = lan
    enp1s0:
      dhcp4: false
      addresses: [192.168.9.1/24]
      nameservers:
        addresses: [9.9.9.9, 1.1.1.1]
        search: []
